Redirect all DNS traffic to the pi.hole

This is more to remind me than anything else, but I figured out how to configure my firewall to redirect all DNS traffic (except from the pihole itself) to the pihole.

My pihole has an IP address of

iptables -t nat -A PREROUTING -i br-lan ! -s -p tcp --dport 53 -j DNAT --to
iptables -t nat -A PREROUTING -i br-lan ! -s -p udp --dport 53 -j DNAT --to
iptables -t nat -A POSTROUTING -j MASQUERADE

In OpenWrt, these rules need to be pasted into Network → Firewall → Custom Rules, after which the router may need a reboot.

It is likely that a reboot is not necessary: the MASQUERADE line made me think I was still hitting the external DNS server, but it was transparently being handled by my pihole.
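The rules above as a parameterised, dry-run-by-default script. This is an added example, not the author's script: `PIHOLE_IP`, `LAN_IF` and `APPLY` are hypothetical variable names, and no address is taken from the page. It differs from the rules above in one respect: MASQUERADE is limited to the redirected DNS flows instead of applying to all forwarded traffic.

```sh
#!/bin/sh
# Added example, not the author's script. PIHOLE_IP and LAN_IF are
# placeholders supplied by the reader; no address is taken from the page.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print iptables arguments, one rule per line, for the given Pi-hole address.
dns_redirect_rules() {
    pihole=$1
    lan_if=${2:-br-lan}
    valid_ipv4 "$pihole" || { echo "invalid IPv4 address: $pihole" >&2; return 1; }
    for proto in tcp udp; do
        # Redirect every LAN DNS query that does not come from the Pi-hole itself.
        echo "-t nat -A PREROUTING -i $lan_if ! -s $pihole -p $proto --dport 53 -j DNAT --to-destination $pihole"
        # Masquerade only the redirected flows, so replies return through the
        # router and the client sees them from the server it asked.
        echo "-t nat -A POSTROUTING -o $lan_if -d $pihole -p $proto --dport 53 -j MASQUERADE"
    done
}

# Dry run by default: print the rules. With APPLY=1 (as root on the router),
# add each rule unless "iptables -C" reports that it is already present.
if [ -n "${PIHOLE_IP:-}" ]; then
    rules=$(dns_redirect_rules "$PIHOLE_IP" "${LAN_IF:-br-lan}") || exit 1
    echo "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            iptables $(echo "$rule" | sed 's/ -A / -C /') 2>/dev/null || iptables $rule
        else
            echo "iptables $rule"
        fi
    done
fi
```

Because redirected queries are masqueraded, the Pi-hole query log attributes them to the router's LAN address, not to the individual client.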